'Black Panther', an Orthodontist, and a Possible HIPAA Violation

Davis Liu, MD, reviews the ethics of blogging about patients

After an orthodontist blogged about an emergency visit where his patient broke her retainer after watching Michael B. Jordan in the blockbuster hit " Black Panther," the young woman identified herself as the anonymous patient after learning about the story via Twitter. Although she was initially quite embarrassed, she was ultimately good-natured about all of the unexpected publicity. The natural question for many healthcare providers was whether there was a violation of patient privacy or HIPAA. If there was, was there any harm? If there was a violation of patient privacy or HIPAA, what should the consequences be if any?

HIPAA Violation? Protecting PHI Alone May Not Be Enough

What we know is that the orthodontist in question feels that this blog post was not a HIPAA violation. This much is clear on his blog.

He might be correct at first glance.

Classically, healthcare providers and other entities covered under HIPAA are responsible for ensuring patient privacy by taking steps to minimize the use and exposure of protected health information (PHI). PHI includes demographic information, age, gender, the name of the individual, and Social Security number, among other specific details. PHI alone, (i.e., a person's name and a phone number without any health information, condition, etc.), would be useless if found on the street.

If a patient found her information on the street, she would also be unable to tell how it got there, who exposed that information, or if there was a patient privacy or HIPAA violation. To a stranger or even a loved one, that information alone also does not reveal any medical information or condition, which in many ways is the reason for HIPAA and patient privacy. There are medical conditions and situations that a patient simply does not want spouses, loved ones, or colleagues to know about. This is why patients should feel comfortable in telling healthcare providers their concerns in extreme confidence, as it is this trusting relationship that is so vital in helping patients with their problems and ailments.

In the world of social media, the standard may be whether a patient or others could reasonably figure out an individual patient case given the information provided. Even without revealing PHI, it's possible that despite the succinctness of this blog post, patient privacy was violated.

The details of the blog post, through both text and images, are quite specific -- an orthodontist had an emergency visit and mentioned that his patient had a broken retainer after watching a specific movie when the actor took off his shirt.

Shortly afterward, the patient figured it out after learning from others who saw the viral blog post.

The Internet is the Public Space

The fact that it didn't take long for the patient to figure out that she was the one in question suggests there was a patient privacy violation. Medical students are warned when starting third-year rotation to be mindful and respectful when communicating about patient care to other medical staff, and particularly in public places like the elevators or cafeteria. One never knows if a patient's loved one or friend is within earshot and standing next to the medical team in the elevator. With social media, this public space has gotten a lot larger. There have been cases of healthcare providers being terminated from their jobs even though no PHI was revealed, but the patient, family, or employer learned about the patient situation via tweets or Facebook posts.

The next question becomes was there any harm?

In this case, initially, based on her tweets, the answer might have been yes. However, despite the unexpected fame, it appears she is enjoying her moment in the spotlight. Will she have any regrets years from now? The media buzz and attention will soon disappear, but all of the filed stories won't. The internet has a long memory.

This story reminds all of us in healthcare that our duty to protect privacy, particularly in the world of social media, means we need to be extra vigilant in what we say and in what settings or forums we say it in.

A doctor-patient relationship is one of the most sacred. Trust in that relationship relies on patient privacy. It appears this may be one situation where that privacy was violated. Perhaps the most professional thing to do is to never post anything about patient care.

Accessibility Statement

At MedPage Today, we are committed to ensuring that individuals with disabilities can access all of the content offered by MedPage Today through our website and other properties. If you are having trouble accessing www.medpagetoday.com, MedPageToday's mobile apps, please email legal@ziffdavis.com for assistance. Please put "ADA Inquiry" in the subject line of your email.